ietf-mailsig
[Top] [All Lists]

Re: DKIM: c=simple is aspirational

2005-07-21 08:21:06


On Jul 18, 2005, at 2:14 PM, Jim Fenton wrote:

As for the removal of internal white space in the nowsp canonicalization, if whitespace is something that can't be exploited by an attacker, why not remove it?  The only exploit I'm aware of is the somewhat ridiculous "ASCII art" attack where an existing message is respaced to spell out something else in big letters.

Ridiculous or not, I'm getting a lot of them these days. If I were a spammer, I would be very interested in intercepting valid signed messages and turning them into ASCII art in a way that preservesd the signature.

Having said that, I'm not sure we should worry about it. I don't have a very high opinion of the technical competence of the average user, but I think the idea that most ASCII art messages are not to be trusted is something that we can socialize widely.

Also, Earl Hood wrote

Since DKIM makes allows digitally signing of message bodies,
there is an implicit indication that message content can be "protected"
via DKIM.

Implicit indications aren 't very helpful. But we can certainly say that DKIM + base64 protects the content. Perhaps we should explicitly recommend base64 for anyone who wants this kind of absolute fidelity? I've long believed that if you don't use base64, you shouldn't expect that kind of fidelity. -- Nathaniel



<Prev in Thread] Current Thread [Next in Thread>